From: Markus Armbruster <armbru@redhat.com>
To: "Daniel P. Berrange" <berrange@redhat.com>
Cc: Kevin Wolf <kwolf@redhat.com>,
Paolo Bonzini <pbonzini@redhat.com>,
qemu-devel@nongnu.org, Stefan Hajnoczi <stefanha@redhat.com>,
Peter Maydell <peter.maydell@linaro.org>
Subject: Re: [Qemu-devel] [PATCH v2] Describe flaws in qcow/qcow2 encryption in the docs
Date: Wed, 22 Jan 2014 16:32:11 +0100 [thread overview]
Message-ID: <8761pcxcas.fsf@blackfin.pond.sub.org> (raw)
In-Reply-To: <1390393704-16067-1-git-send-email-berrange@redhat.com> (Daniel P. Berrange's message of "Wed, 22 Jan 2014 12:28:24 +0000")
"Daniel P. Berrange" <berrange@redhat.com> writes:
> The qemu-img.texi / qemu-doc.texi files currently describe the
> qcow2/qcow2 encryption thus
>
> "Encryption uses the AES format which is very secure (128 bit
> keys). Use a long password (16 characters) to get maximum
> protection."
>
> While AES is indeed a strong encryption system, the way that
> QCow/QCow2 use it results in a poor/weak encryption system.
> Due to the use of predictable IVs
Sector number zero-extended to 128 bits.
> it is vulnerable to chosen
> plaintext attacks which can reveal the existance of encrypted
> data.
>
> The direct use of the user passphrase as the encryption key
> also leads to an inability to change the passphrase of an
> image. If passphrase is ever compromised the image data will
> all be vulnerable, since it cannot be re-encrypted. The admin
> has to clone the image files with a new passphrase and then
> use a program like shred to secure erase all the old files.
>
> Recommend against any use of QCow/QCow2 encryption, directing
> users to dm-crypt / LUKS which can meet modern cryptography
> best practices.
>
> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Amateur crypto.
Reviewed-by: Markus Armbruster <armbru@redhat.com>
prev parent reply other threads:[~2014-01-22 15:32 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-01-22 12:28 [Qemu-devel] [PATCH v2] Describe flaws in qcow/qcow2 encryption in the docs Daniel P. Berrange
2014-01-22 15:24 ` Eric Blake
2014-01-22 15:48 ` Daniel P. Berrange
2014-01-22 15:32 ` Markus Armbruster [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=8761pcxcas.fsf@blackfin.pond.sub.org \
--to=armbru@redhat.com \
--cc=berrange@redhat.com \
--cc=kwolf@redhat.com \
--cc=pbonzini@redhat.com \
--cc=peter.maydell@linaro.org \
--cc=qemu-devel@nongnu.org \
--cc=stefanha@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.